Release 0.3.1

Changelog for v0.3.1

Bugfixes

• Fix the Location header for created resources to reflect the recent API changes
• Add proper URLEncoding to the path components of Location header
• Fix display of Source Data details page
• Fix a display issue with the dynamic source registration checkbox
• Entity identifiers that are part of the resource path are now properly URIEncoded by the frontend

Security

• JWT's now need the correct scope in addition to the correct user authority. This allows a user to authorize certain applications for certain scopes, instead of the application automatically 'inheriting' all user authorities

Source Type Import

• Implement a source-type importer from catalog server
• The serverUrl and enableAutoImport properties need to be configured according to the deployment setup in application-*.yml.
• If the source-type import is enabled, the service will try to load all the source-types available in catalog-server from Radar-schemas.

Auditing

• Improved display of the audit extra data fields in the UI
• Disabled auditing of every authenticated API request
• Enabled auditing of successful and unsuccessful login attempts
• Enabled auditing of token grants
• Enabled auditing of entity events (create, update and delete)
• Enabled auditing of refresh token generation (Pair app function)
• Enabled auditing of discontinue subject

OAuth clients

• Add API endpoints and UI components for CRUD operations on oauth clients
• Add additional keyword protected for the additional_information property of OAuth clients. If this key is set to true, the OAuth client will not be able to be deleted or modified in any way with by using the UI or API. This is to protect an OAuth client like our MP UI from becoming accidentally misconfigured and as a result being locked out.
• Change the mechanism for loading OAuth clients, no longer a liquibase load. This allows us to supply client secrets in plain text and have them be run through the password encoder before load. The client for the frontend is loaded always and can be configured using the managementportal.frontend.* settings. Other clients can be supplied using an identical CSV as was the case with liquibase. Location of this file can be configured using the managementportal.oauth.clientsFile property, default location for production profile is /mp-includes/config/oauth_client_details.csv and for development profile is src/main/docker/etc/config/oauth_client_details.csv. Remember Spring allows these properties to be overridden using environment variables through relaxed binding, e.g. MANAGEMENTPORTAL_OAUTH_CLIENTS_FILE will override the setting from the application.yml file.

API CHANGES

• /api/oauthclients -> /api/oauth-clients

Release 0.3.0

#Changelog for v0.3.0

Bugfixes

• Various broken links are now fixed
• Fixed an issue with reassigning a subject to another project
• Fixed an issue with translations not being properly loaded

Security

• Access token now stored in cookie for CSRF protection
• Frontend client credentials are now configurable

API

• GET /api/projects/{projectName}/device-types -> GET /api/projects/{projectName}/source-types
• /api/sensor-data -> /api/source-data
• /api/device-types -> /api/source-types
• All field names sensorData* renamed to sourceData*
• All field names deviceType* renamed to sourceType* (this includes bodies of POSTs like POST /api/subjects/{login}/sources). i.e. current dynamic source registration request body is

{
  "assigned": true,
  "attributes": {},
  "expectedSourceName": "string",
  "id": 0,
  "sourceId": "string",
  "sourceName": "string",
  "sourceTypeCatalogVersion": "string",
  "sourceTypeId": 0,
  "sourceTypeModel": "string",
  "sourceTypeProducer": "string"
}

Schema

• Cleaned up Liquibase schema definitions
• Rename DeviceType to SourceType
• Rename SensorData to SourceData
• Alignment with RADAR-Schemas
• SourceType now has one-to-many relationship to SourceData

Release 0.2.1

Following issues have been addressed:

• Change default sourceName of a new source to include the device model
• Update documentation for POST /api/subjects/:login/source
• Update dynamic source registration to allow two scenarios: either deviceTypeId is specified, or the combination of (deviceTypeProducer, deviceTypeModel, deviceTypeCatalogVersion) is specified
• Update dynamic source registration tests to test for both scenarios
• Fix source name logic when creating a new source for dynamic registration
• Increase protractor timeouts for more stable e2e tests

Release 0.2.0

• Demo data no longer loaded when production profile is selected
• Fix issue that prevents new users from setting up a password
• Fix CORS issue on production profile
• Fix existing browser-based e2e tests
• Add new browser-based e2e tests
• radar-auth: Java library for authenticating clients that have tokens issued by ManagementPortal
• oauth-client-util: Java library for managing OAuth tokens in a client application using the client credentials grant type

Release 0.1.0

From this point on, the API should be fairly stable. Key features now include:

• Creation of projects, subjects, devices, etc.
• Updated authentication/authorization and permissions systems
• Source assigner for assigning sources to subjects
• Ability to pair mobile apps to subjects by scanning a QR code from the app
• Updated project view

Known issues include:

• Date selector not working in browsers other than Chrome
• Error reporting to be improved